[tor-talk] possible to identify tor user via hardware DRM?

[proper at secure-mail.biz]

<schoen at eff.org> wrote:
> One of the defenses people have talked about against hardware
> fingerprinting is running inside a virtual machine.  Normally,
> software inside the virtual machine, even if it's malicious,
> doesn't learn much about the physical machine that hosts the VM.
> If you always use Tor inside a VM, then even if there's a bug
> that lets someone take over your computer (or if they trick you
> into installing spyware), the malicious software won't be able
> to read much real uniqueness from the host hardware, unless
> there's also a bug in the VM software.
>
> [...]  There's probably more research to be done
> about the conditions under which VMs can be uniquely identified
> both "from the inside" by malware, and remotely by remote
> software fingerprinting, absent VM bugs that give unintended
> access to the host.

We documented, which data, malware inside a VM could collect to identify users. [1] That doesn't mean, we wouldn't be happy about sophisticated, dedicated research. However, here is a summary:

- (Apart from obvious and known, IP, DNS, (browser) fingerprinting.)
- internal LAN IP (of virtualized operating system)
- time zone (of virtualized operating system)
- username (of virtualized operating system)
- hostname (of virtualized operating system)
- mac address of virtual machine
- mac address of host (if using bridged networking) or mac address of gateway (if using virtual internal networking)
- virtual disk uuids
- Some information about the real CPU, depends on VM software. There might be options to further hide information about the CPU.
- Installed software packages.
- If you copy data into the VM: metadata.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.